The following config file is the minimized config file that afl-tmin finds.
The following is the segfault coredump backtrace from gdb.
The bug appears to be a duplicate of this bug, but I am reporting here, since that website seems obsolete.
I was fuzzing fb78787.
The problem appears to be caused by passing a string to g_slist_append as the first parameter instead of a GSList pointer. That leads to valgrind reporting a read/write of 8 bytes when the string is only 2 bytes long (it is "0").
The line that checks to see if the node is a node list fails, but just returns null and seems to just continue on without doing anything to correct the issue.
I'm not sure how this should be handled. Obviously the format is not how the configuration file is expected to be. I guess it has to be caught at some point before the append is attempted.
Also, in my manual testing, the first line in all the above testcases (